To secure communication in networks, suitable cryptographic methods are normally used, which may be subdivided into two different categories: symmetrical methods, in which the sender and the recipient have the same cryptographic key, and asymmetrical methods, in which the sender encrypts the data to be transmitted with a public (i.e., possibly also known to a potential attacker) key of the recipient, but in which the decryption may only be carried out with an associated private key, which is known ideally only to the legitimate recipient.
Asymmetrical methods have, among others, the disadvantage that they generally exhibit a very high computing complexity. Hence, they are only conditionally suited for resource-limited nodes such as, for example, sensors, actuators and the like, which normally have only a relatively small computing capacity and a small memory and are said to operate energy efficiently, for example, based on battery operation or on the use of energy harvesting. Moreover, frequently only a limited bandwidth is available for data transmission, which makes the exchange of asymmetrical keys having lengths of 2048 bits or even more unattractive.
In symmetrical methods, however, it must be ensured that both the recipient and the sender have the same key. The associated key management in this case generally represents a very challenging task. In the field of mobile communications, keys are inserted into a mobile phone, for example, with the aid of SIM cards and the associated network may then assign the unique identifier of a SIM card to the corresponding key. In the case of wireless LANs however, the keys to be used (“pre-shared keys” normally defined by the input of a password) are normally input when the network is established. However, such a key management rapidly becomes very costly and impracticable when there are a large number of nodes, for example, in a sensor network or other machine-to-machine communication systems. In addition, changing the keys to be used is often not possible at all, or possible only at great cost.
Thus, for some time now, novel approaches under the keyword “Physical Layer Security” have been studied and developed, with the aid of which keys for symmetrical methods may be generated automatically on the basis of the transmission channels between the nodes involved. The ascertainment of random numbers or pseudo-random numbers from channel parameters is derived, for example, from PCT Published Patent Application No. WO 1996023376 A2; the generation of secret keys from channel parameters is described, for example in PCT Published Patent Application No. WO 2006081122 A2 or German Published Patent Application No. 102012215326 A1.
Typically, the initial bit sequences derived from the transmission channel characteristics in the devices involved are (strongly) correlated, but not identical. Since, however, symmetrical cryptography requires identical keys, a key harmonization process is necessary. In such a case, information about the quantized bit sequences may be exchanged and reconciled, in which case preferably little about the sequences and the keys to be derived therefrom is to be revealed to potential attackers, who could monitor the communication exchange. Two such approaches are the use of a CASCADE protocol or the use of error correction methods (error correction codes). However, they also reveal the redundancy information exchanged in the process, which makes it easier for an attacker to obtain access to parts of the secret key. This reduces the entropy and, therefore, the security of the key. Thus, for example, a potential attacker has to try out a smaller number of combinations for a brute-force attack.
According to various predictions, the much-described Internet of Things (IoT) will already include many billions of devices linked to one another in just a few years. In several areas such as, for example, home automation (Smart Home), a large portion of these devices will be battery-operated, for example, as radio-based sensors and actuators, which are connected to a central base station or to other radio-based devices. For such devices in particular, but also for other users in the Internet of Things, an energy-efficient implementation is important. To date, however, the energy efficiency in the implementation of cryptographic methods for securing the communication of such devices has received little attention.
Whereas methods of the “physical layer security” or physics-based key generation methods have previously been studied, these studies focus largely on the underlying telecommunications technology or on questions of information theory. Here as well, energy-efficient implementations have barely been examined to date. Exceptions to this are, for example, German Published Patent Application No. 10 2014 217320 A1 and German Published Patent Application No. 10 2014 217330 A1, in which energy-saving securing methods for networks based on methods of the physical layer security are described.